Related tangent: "Relay" (https://relay.md") lets you sync / share files based on directory (vs. the whole vault). That enables things like "my private vault contains a subdir for work, and my work machine syncs to only that child subdir".

Thanks for your support! Sync is end-to-end encrypted so the server doesn't know about specific paths in your vault. You would have to set those permissions at the filesystem level, or with the tool you're using.